ragulka / sails-starter-app

Sails starter app

User creation fails #1

Closed kokujin closed 11 years ago

kokujin commented 11 years ago

Creating a user according to the tutorial does not work unless one removes the _csrf value. This is the traceback:

    TypeError: Cannot read property '1' of null
        at Object.isSameOrigin (/home/kokujin/sails/starterapp/node_modules/sails/lib/util/index.js:256:70)
        at routes.before./* (/home/kokujin/sails/starterapp/node_modules/sails/lib/hooks/csrf/index.js:23:60)
        at _bind.enhancedFn (/home/kokujin/sails/starterapp/node_modules/sails/lib/router/bind.js:375:4)
        at callbacks (/home/kokujin/sails/starterapp/node_modules/sails/node_modules/express/lib/router/index.js:164:37)
        at param (/home/kokujin/sails/starterapp/node_modules/sails/node_modules/express/lib/router/index.js:138:11)
        at pass (/home/kokujin/sails/starterapp/node_modules/sails/node_modules/express/lib/router/index.js:145:5)
        at nextRoute (/home/kokujin/sails/starterapp/node_modules/sails/node_modules/express/lib/router/index.js:100:7)
        at callbacks (/home/kokujin/sails/starterapp/node_modules/sails/node_modules/express/lib/router/index.js:167:11)
        at _addResViewMethod (/home/kokujin/sails/starterapp/node_modules/sails/lib/hooks/views/index.js:337:3)
        at _bind.enhancedFn (/home/kokujin/sails/starterapp/node_modules/sails/lib/router/bind.js:375:4)

ragulka commented 11 years ago

Hi, can you tell me what you POSTed to the server, and did you get the CSRF token before trying to POST?

kokujin commented 11 years ago

I got the token like this:

http://localhost:1337/csrfToken

I then posted to this link using Postman (http://www.getpostman.com/):

http://localhost:1337/api/v1/users

thanks


ragulka commented 11 years ago

Ah, that's right. It won't work because Postman does not have sessions and using CSRF requires having sessions. So, at the moment, it is not possible to make POST/PUT/DELETE requests from Postman if you have CSRF turned on.

I will probably add an HTTP Basic Auth method soon that will enable you to use an API key to authenticate instead, and then CSRF would need to be turned off just for requests that are authenticated via API key.
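
The session dependency described in the comment above, as an added example that is not part of the thread or of the project's code: a minimal in-memory simulation in which a token from `/csrfToken` is accepted only when the client returns the session cookie it was issued with. The `handle` function, the session store and the cookie handling are hypothetical stand-ins, not Sails internals; only the two paths come from the thread.

```javascript
const crypto = require('crypto');

// In-memory session store: session id -> { csrf }. Hypothetical stand-in for
// the server's session middleware; this is not Sails code.
const sessions = new Map();

function getSession(cookie) {
  // Reuse the session named by the cookie, otherwise start a fresh one.
  if (cookie && sessions.has(cookie)) return { sid: cookie, data: sessions.get(cookie) };
  const sid = crypto.randomBytes(16).toString('hex');
  sessions.set(sid, {});
  return { sid, data: sessions.get(sid) };
}

function sameToken(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// req: { method, path, cookie, body }  ->  { status, cookie, body }
function handle(req) {
  const { sid, data } = getSession(req.cookie);
  if (req.method === 'GET' && req.path === '/csrfToken') {
    data.csrf = data.csrf || crypto.randomBytes(24).toString('base64');
    return { status: 200, cookie: sid, body: { _csrf: data.csrf } };
  }
  if (req.method === 'POST' && req.path === '/api/v1/users') {
    // The submitted token must match the one stored in *this* session.
    const ok = sameToken(data.csrf, req.body && req.body._csrf);
    return ok ? { status: 201, cookie: sid, body: 'created' }
              : { status: 403, cookie: sid, body: 'CSRF mismatch' };
  }
  return { status: 404, cookie: sid, body: 'not found' };
}

// Constructed client: fetch the token, then POST with or without the cookie.
function createUser(keepCookie) {
  const tokenRes = handle({ method: 'GET', path: '/csrfToken' });
  return handle({
    method: 'POST',
    path: '/api/v1/users',
    cookie: keepCookie ? tokenRes.cookie : undefined,
    body: { username: 'alice', _csrf: tokenRes.body._csrf },
  }).status;
}

console.log('without session cookie:', createUser(false)); // 403
console.log('with session cookie:   ', createUser(true));  // 201
```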

kokujin commented 11 years ago

OK, thanks! I will try with a real form. I thought the problem was due to this issue:

https://github.com/balderdashy/sails/issues/986


kokujin commented 11 years ago

Here is the link again about the fix: https://github.com/balderdashy/sails/commit/f42da3c4a53b78f8164b3db4a7b33fc21cc707aa

Another thing: since you have installed the Passport module, it would be possible to use another auth strategy by just installing it, right?

Thanks


ragulka commented 11 years ago

@kokujin Yes, you should be able to install additional Passport modules and use them. You should configure them in services/Passport.js, and perhaps you will need to modify the isAuthenticated policy, depending on your strategy.